

Another week, another Cisco-security-kit-needs-a-patch story

Probing last week's ASA and Firepower flaws found another DDOS to deter

By Richard Chirgwin


Cisco's again asked owners of Adaptive Security Appliances or Firepower Threat Defense Software to patch, after it turned up a new DDOS problem that the last patches didn't address.

Owners of such kit were in patch-fast mode last week after Switchzilla revealed a “crafted XML attack” that exposed webvpn's interface to the 'net, permitting denial of service or remote code execution.

Now Cisco's revealed that its probes into the problems turned up a further DOS vector.

Omar Santos, a principal engineer in Cisco's Product Security Incident Response Team, wrote that, working with NCC Group's Cedric Halbronn (who made the original bug report), it was “found that the original list of fixed releases published in the security advisory were later found to be vulnerable to additional denial of service conditions”.

Santos added quick diagnostics for anybody wanting to know if their configuration is vulnerable: the key port will show up in response to the command:

    show asp table socket | grep SSL|DTLS

The presence of an SSL or DTLS listen socket on any TCP port indicates vulnerability.
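The socket check above, as an added example (not from Cisco's advisory or this article): a Python triage helper that parses saved `show asp table socket` output and returns the SSL and DTLS sockets in LISTEN state. The column layout and the sample rows are assumptions constructed for illustration, and the addresses are documentation ranges.

```python
import re
from typing import List, NamedTuple


class Listener(NamedTuple):
    protocol: str
    address: str
    port: int


# Constructed sample output (assumed column layout, documentation addresses).
SAMPLE = """\
Protocol  Socket    State   Local Address       Foreign Address
SSL       00185038  LISTEN  192.0.2.10:443      0.0.0.0:*
TCP       00188118  LISTEN  192.0.2.10:22       0.0.0.0:*
DTLS      0018f7a8  LISTEN  198.51.100.10:443   0.0.0.0:*
SSL       0020a1c8  ESTAB   192.0.2.10:443      203.0.113.7:51512
"""

# Row shape: protocol, hex socket id, state, local addr:port, foreign addr.
ROW = re.compile(
    r"^(?P<proto>\S+)\s+[0-9A-Fa-f]+\s+(?P<state>\S+)\s+"
    r"(?P<addr>\S+):(?P<port>\d+)\s+\S+$"
)


def exposed_listeners(output: str) -> List[Listener]:
    """Return SSL/DTLS sockets in LISTEN state, on any port."""
    found = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line, prompt echo or unrecognised row
        proto, state = m["proto"].upper(), m["state"].upper()
        if proto in ("SSL", "DTLS") and state == "LISTEN":
            found.append(Listener(proto, m["addr"], int(m["port"])))
    return found


def needs_patch_review(output: str) -> bool:
    """Per the check quoted above: any SSL or DTLS listen socket counts."""
    return bool(exposed_listeners(output))


if __name__ == "__main__":
    for item in exposed_listeners(SAMPLE):
        print(f"{item.protocol} listener on {item.address}:{item.port}")
```

On the ASA command line the filter after `grep` is a regular expression, so the second `|` in `SSL|DTLS` is alternation rather than another pipe.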

Since IKEv2 configurations are also vulnerable, checking that as shown below also seems prudent.

The new patch is available at Cisco's updated advisory.

If you want complete understanding of the bug, NCC Group has put together a 120-page presentation [PDF] for Recon Brussels. ®
